Article

Google shares struggle to manage security complexities

Dennis Fisher

WASHINGTON -- As the nature and scope of security threats has changed dramatically over the last few years, enterprise security professionals have struggled to keep up. But they're not alone. The folks at Google Inc. also have had their share of challenges in adjusting to the new state of security on the Web.

    Requires Free Membership to View

Google doesn't want to be the company telling people what to do and what hot to do.
Scott Petry,
director of enterprise security and complianceGoogle

Even though Google sprang from the Internet culture that now dominates the corporate computing environment, the company is constantly working to understand the nature of the threats online and how they affect the company's customers and the broader Internet community, Scott Petry, Google's director of enterprise security and compliance said during a keynote speech at the Gartner IT Security Summit here Monday. Sure, Google has helped define and shape the way people work online, but that doesn't mean the company is immune to the complexities that online computing can introduce.

"It turns out that it's a very black-box world," Petry said. "We need to change our thinking to a security mentality that recognizes that the world is a black box and we don't know what some of the threats are and that we need to be able to respond to changes and threats as they happen. We don't know what we don't know. There's no way we can define a white box around all of the Google applications."

Google security news:
Google tries to nurture culture of security: By design, Google's security team is primarily composed of engineers, the search engine giant's security director noted during an interview at RSA Conference 2008.

Google-Postini email services deliver security market message: Google's Postini features add security into its apps offerings, signaling a challenge to service providers and hardware vendors such as MessageLabs, Cisco and Secure Computing.

Google tries to nurture culture of security: By design, Google's security team is primarily composed of engineers, the search engine giant's security director noted during an interview at RSA Conference 2008.

One way that Google, of Mountain View, Calif., is working to get a handle on this environment is by monitoring the ways in which people use Google Apps, the company's online application offerings, which include word processing, a spreadsheet application and a presentation application, similar to PowerPoint. The applications host all of the users' data online and enable users to share documents with virtually anyone, inside or outside their organizations. But because the applications exist online, they are subject to any number of known and unknown application-level attacks and Web threats, making security a thornier problem than usual.

The lessons the company has learned throughout the process are ones that can be applied in just about any organization. For example, Google's goal in securing Google Apps, as well as its own internal applications, is to enable people to do what they want to do, not prevent them from doing it. Mechanisms such as warnings for users who are trying to visit a known malicious website and a password-management tool are meant to make it easier for users to use the Web more securely without a lot of interference.

"Google doesn't want to be the company telling people what to do and what hot to do," Petry said. "We put a disproportionate amount of energy into helping users use the Internet safely. "How do we create a safe experience for users? Our business is built on the quality of our results."

Petry encouraged IT security specialists to look at the ways in which they secure their own organizations and see how they can provide a more open and satisfying experience for users, while still emphasizing security.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: